"Fake" Rudd email: Why wasn't it checked?

By Lilia Guan on Jun 25, 2009 6:00 AM
Filed under Security

Five minutes is all it takes to authenticate an email, according to one IT security expert.

The Australian Federal Police (AFP) is currently conducting a preliminary forensic investigation of computers located at a premises in Canberra and at the offices of the Department of Treasury, in relation to the email at the centre of the 'Utegate' scandal.

The scandal broke out when opposition leader Malcolm Turnbull accused Prime Minister Rudd of using his powers to help a car dealer friend, though the debate is now focused on an alleged "fake email" from the Prime Minister.

In a statement to the media, Prime Minister Rudd said "Turnbull's allegations are based on the existence of an alleged email between a staff member of mine and a Treasury official on the 19th of February".

The AFP has confirmed: "Preliminary results of those forensic examinations indicate that the e-mail referred to at the centre of this investigation has been created by a person or persons other than the purported author of the e-mail."

Ajoy Ghosh, security executive at Logica, told CRN the AFP was taking its time investigating where the email came from due to political sensitivity.

"This is literally a five minute job," he said.

"They are taking so long because they want to play it safe."

Ghosh told CRN that if Liberal Party members were in receipt of the alleged 'fake' email, they could've taken it to their email administrator to have it authenticated.

"It literally takes five minutes to check if an email is kosher," he said.

"Why didn't the opposition do more to check the authenticity of the email before making accusations?

"I wouldn't expect opposition leader Malcolm Turnbull to be able to determine the authenticity of an email, but an administrator or even a forensic expert would know what to look for."

Ghosh said most Australian corporations and government agencies have gateways, firewalls and security in place to prevent unauthorised email and spam from getting into a user's email box.

However, if a user is authorised to use a computer and sends a forged email to another person in the same building, then the security product would not be able to prevent it from getting through, he said.

"If that is the case then authentication of the user won't matter," said Ghosh.

"You can't stop someone from using a legitimate email box for the wrong reasons.

"Despite the actions of that person, it doesn't negate the fact that the recipient of a suspicious email didn't have it verified."

Ghosh said it doesn't take a "forensic expert" to know if an email is suspicious.

 